Skip to content
BaseID Docs

Console: DIDs

DIDs page

What is a DID?

Section titled “What is a DID?”

A Decentralized Identifier (DID) is a globally unique identifier that you control, backed by a cryptographic key pair. In BaseID, DIDs serve as your issuer identity — they sign credentials you issue.

A DID looks like: did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK

Creating a DID

Section titled “Creating a DID”

Select a key type and click Create DID. The key pair is generated server-side and the private key is stored encrypted in your tenant’s database.

Key types

Section titled “Key types”
Key typeAlgorithmBest for
Ed25519EdDSAGeneral purpose. Fast signatures, compact keys. Recommended default.
P-256ES256WebAuthn/FIDO2 compatibility. Required by some enterprise systems. NIST-approved.
P-384ES384Higher security margin. Required by some government standards (e.g., HAIP profile).

Which key type should I choose?

Section titled “Which key type should I choose?”
  • Start with Ed25519 unless you have specific requirements
  • Use P-256 if integrating with WebAuthn, Apple/Google attestation, or FIDO2
  • Use P-384 if targeting HAIP compliance or government procurement requiring ES384

DID methods

Section titled “DID methods”

BaseID currently supports did:key — the public key is encoded directly in the DID identifier. No external resolution infrastructure needed.

Deactivating a DID

Section titled “Deactivating a DID”

Deactivation is permanent and means:

  • The DID can no longer issue new credentials
  • Credentials already issued remain valid and verifiable
  • The key material is preserved but marked inactive

Deactivate a DID when you want to rotate to a new key or retire an identity.

Plan limits

Section titled “Plan limits”

Each plan has a maximum number of DIDs. Check your current usage on the Usage page. Upgrade your plan to create more DIDs.

See the DIDs API reference for programmatic usage.

See also

Section titled “See also”